Updated at 4:55 PM, Eastern.
A senior official with the Office for Civil Rights said Tuesday that the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rule enforcer plans to release final rules regarding the Health Information Technology for Economic and Clinical Health Act (HITECH) and HIPAA next year.
Adam H. Greene, senior health information technology and privacy specialist at OCR, told an audience at the “2010 ONC Update” that he doesn’t know a specific time in 2011 that the rules would be released, but added they would be published “contemporaneously.”
OCR’s intention is to avoid staggering compliance dates. The rules to which Greene alluded are:
Greene also said a proposed rule on accounting of disclosures of EHRs will be released in 2011. HITECH calls for OCR to expand the HIPAA accounting disclosures provision to add treatment, payment, and healthcare operations disclosures when they're through an EHR. HITECH calls on the HHS secretary to balance the interest of individuals who want to learn the information versus the burden on covered entities.
HITECH also calls for "periodic audits" of HIPAA compliance, but federal regulators have yet to announce any details of the plan other than who is helping them craft one, Booz Allen Hamilton.
Asked about the status of the audit program Tuesday, Greene said, "That's the $1.5 million question, I suppose, is, you know, when will this audit program begin and what are the chances that I'm going to be audited? And I wish I did have more information for you on that. A lot of it can depend on what potential audit program we initiate. I mean, you know, if it's more of a classic audit program of, you know, either us directly or through contractors visiting a sample, that time frame may be very different than for example if you tried to do something that touched the entire business community and associate committed — certification process or something like that."